def test_change_password_target_pdc(self):
self.require(ad_admin=True)
domain = self.domain()
creds = Creds(domain)
creds.acquire(self.ad_admin_account(), self.ad_admin_password())
activate(creds)
client = Client(domain)
locator = Locator()
pdc = locator.locate(domain, role='pdc')
user = self._create_user(client, 'test-usr-4', server=pdc)
principal = 'test-usr-4@%s' % domain
client.set_password(principal, 'Pass123', server=pdc)
mods = []
ctrl = AD_USERCTRL_NORMAL_ACCOUNT
mods.append(('replace', 'userAccountControl', [str(ctrl)]))
mods.append(('replace', 'pwdLastSet', ['0']))
client.modify(user, mods, server=pdc)
client.change_password(principal, 'Pass123', 'Pass456', server=pdc)
creds = Creds(domain)
creds.acquire('test-usr-4', 'Pass456', server=pdc)
assert_raises(ADError,
creds.acquire,
'test-usr-4',
'Pass321',
server=pdc)
self._delete_obj(client, user, server=pdc)
def test_order_dns_srv_priority(self):
srv = [ SRV(10), SRV(0), SRV(10), SRV(20), SRV(100), SRV(5) ]
loc = Locator()
result = loc._order_dns_srv(srv)
prio = [ res.priority for res in result ]
sorted = prio[:]
sorted.sort()
assert prio == sorted
def test_simple(self, conf):
conf.require(ad_user=True)
domain = conf.domain()
loc = Locator()
result = loc.locate_many(domain)
assert len(result) > 0
result = loc.locate_many(domain, role='gc')
assert len(result) > 0
result = loc.locate_many(domain, role='pdc')
assert len(result) == 1
def test_search_server(self, conf):
conf.require(ad_user=True)
domain = conf.domain()
creds = Creds(domain)
creds.acquire(conf.ad_user_account(), conf.ad_user_password())
activate(creds)
locator = Locator()
server = locator.locate(domain)
client = Client(domain)
result = client.search('(objectClass=user)', server=server)
assert len(result) > 1
def test_search_server(self):
self.require(ad_user=True)
domain = self.domain()
creds = Creds(domain)
creds.acquire(self.ad_user_account(), self.ad_user_password())
activate(creds)
locator = Locator()
server = locator.locate(domain)
client = Client(domain)
result = client.search('(objectClass=user)', server=server)
assert len(result) > 1
def test_network_failure(self, conf):
conf.require(ad_user=True, local_admin=True, firewall=True)
domain = conf.domain()
loc = Locator()
# Block outgoing DNS and CLDAP traffic and enable it after 3 seconds.
# Locator should be able to handle this.
conf.remove_network_blocks()
conf.block_outgoing_traffic('tcp', 53)
conf.block_outgoing_traffic('udp', 53)
conf.block_outgoing_traffic('udp', 389)
t = Timer(3, conf.remove_network_blocks); t.start()
result = loc.locate_many(domain)
assert len(result) > 0
def test_search_rootdse(self, conf):
conf.require(ad_user=True)
domain = conf.domain()
creds = Creds(domain)
creds.acquire(conf.ad_user_account(), conf.ad_user_password())
activate(creds)
locator = Locator()
server = locator.locate(domain)
client = Client(domain)
result = client.search(base='', scope='base', server=server)
assert len(result) == 1
dns, attrs = result[0]
assert 'supportedControl' in attrs
assert 'supportedSASLMechanisms' in attrs
def test_search_rootdse(self):
self.require(ad_user=True)
domain = self.domain()
creds = Creds(domain)
creds.acquire(self.ad_user_account(), self.ad_user_password())
activate(creds)
locator = Locator()
server = locator.locate(domain)
client = Client(domain)
result = client.search(base='', scope='base', server=server)
assert len(result) == 1
dns, attrs = result[0]
assert attrs.has_key('supportedControl')
assert attrs.has_key('supportedSASLMechanisms')
def test_set_password_target_pdc(self, conf):
conf.require(ad_admin=True)
domain = conf.domain()
creds = Creds(domain)
creds.acquire(conf.ad_admin_account(), conf.ad_admin_password())
activate(creds)
client = Client(domain)
locator = Locator()
pdc = locator.locate(domain, role='pdc')
user = utils.create_user(client, 'test-usr-2', server=pdc)
principal = 'test-usr-2@%s' % domain
client.set_password(principal, 'Pass123', server=pdc)
mods = []
ctrl = AD_USERCTRL_NORMAL_ACCOUNT
mods.append(('replace', 'userAccountControl', [str(ctrl)]))
client.modify(user, mods, server=pdc)
creds = Creds(domain)
creds.acquire('test-usr-2', 'Pass123', server=pdc)
assert_raises(ADError, creds.acquire, 'test-usr-2','Pass321', server=pdc)
delete_obj(client, user, server=pdc)
def test_order_dns_srv_weight(self):
n = 10000
w = (100, 50, 25)
sumw = sum(w)
count = {}
for x in w:
count[x] = 0
loc = Locator()
srv = [ SRV(0, x) for x in w ]
for i in range(n):
res = loc._order_dns_srv(srv)
count[res[0].weight] += 1
print(count)
def stddev(n, p):
# standard deviation of binomial distribution
return math.sqrt(n*p*(1-p))
for x in w:
p = float(x)/sumw
# 6 sigma this gives a 1 per 100 million chance of wrongly
# asserting an error here.
assert abs(count[x] - n*p) < 6 * stddev(n, p)
def test_detect_site(self, conf):
conf.require(ad_user=True)
loc = Locator()
domain = conf.domain()
site = loc._detect_site(domain)
assert site is not None